It's all about IT and much more…

Menu

Hello everyone,
In this post I want to talk about a problem that can occur if you run out of free ports to open up connections on a server. This can happen in many situations, for example if you are using a web server that hosts multiple sites or a cluster of servers that uses different services to connect to the internet, or a page that is very accessed etc.The thing is that every service or application that runs on a server, at layer 4 in the tcp/ip stack uses a so called port number. A port is used on a device to specify a specific service or applicaiton that runs on that particular device. There are many known well ports like 80 for http, 53 for dns, 110 for pop3 etc., that are reserved for applications that run on that particular port ony. The well known ports are from 0 to 1023. The ports from 1024 to 49151 are so called registered ports and are used by companies that released software that needs to connect to the internet in order to work. An example of such software is yahoo messenger or skype. The ports from 49152 through 65535 are dynamic or private ports (also called ephemeral ports read more about them on: http://www.ncftp.com/ncftpd/doc/misc/ephemeral_ports.html ) that are used by the local server/machine to connect to the internet or to establish connections locally by different services or applications. You can find out more about ports on sites like wikipedia : http://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbershttp://en.wikipedia.org/wiki/Ephemeral_portThe thing is that when for example you have too many tcp connections, you can find yourself in the situation where there are no free ports available. One way to see that is by looking in the event viewer on the server for the event with the id of 4227:

If you open that particular event you can see a short description of the problem:

A good site that describes different events is http://www.eventid.net/ . On this site you can find common reasons for many problems and also in many cases what can you do to get rid of that issue.

The thing is that in many cases there are one or few events in the event viewer with the 4227 id that signals you this problem so it’s hard to identify the cause.

The resolution to this problem is to increase the tcp port pool and in many cases to decrease the TcpTimedWaitDelay. TcpTimedWaitDelay is used by machines to specify the time that must pass in order to return a specified port to the dynamic tcp port pool. More about this parameter on http://technet.microsoft.com/en-us/library/cc938217.aspx.